OFA’s director of front-engineering Daniel Ryan told Popper that he believes the Democratic National Committee (DNC) will “mothball” the tech and argues that it should be open because it was built on top of open source code and, therefore, should go back to the public. Popper also notes that if the DNC keeps the code on ice until the 2016 election, it will be useless. “But if our work was open and people were forking it and improving it all the time,” Ryan told Popper, “then it keeps up with changes as we go.” Ryan also points out that not opening up the code not only would stifle development for the next election, but would also hinder opportunities for other progressive organizations to build on the code in the next four years.

Popper reports that a DNC official responded to a request for comment, stating that “OFA is still working out the future of their tech and data infrastructure so any speculation at this time is premature and uninformed.” You can read Popper’s in-depth report at The Verge.

Student hacker expelled, then offered jobs and a scholarship

Ethan Cox reports at the National Post that a computer science student at Montreal’s Dawson College has been expelled after discovering and reporting a security flaw in the college’s computer system. Cox writes:

“Ahmed Al-Khabaz … was working on a mobile app to allow students easier access to their college account when he and a colleague discovered what he describes as ‘sloppy coding’ in the widely used Omnivox software which would allow ‘anyone with a basic knowledge of computers to gain access to the personal information of any student in the system, including social insurance number, home address and phone number, class schedule, basically all the information the college has on a student.’”

Though the college initially thanked Al-Khabaz and promised to fix the problem, according to Cox’s report, when he tested for vulnerabilities two days later to ensure the problem had been corrected so he could move on with his app development, Edouard Taza, president of Skytech — the makers of the flawed software — accused Al-Khabaz of a cyber attack and forced him to sign a non-disclosure agreement. Al-Khabaz was subsequently expelled from school. Christopher Curtis at The Montreal Gazette reports that the college’s general director Richard Filion said, “[Al-Khabaz] didn’t just try to find vulnerabilities in the student portal … He went into a whole series of other networks, including the school’s financial databases.”

In a separate post, Cox reports that Al-Khabaz has received multiple job offers since the incident made news, and though Dawson College has refused his expulsion appeal, Skytech president Taza has offered him a full scholarship to study in the private sector as well as a part-time job at Skytech.

The Next Web’s Harrison Weber highlights one of the major implications of this proposal, that “it classifies users [who] share their data with social networks — often unknowingly, in the case of IP addresses, GPS data, etc — as unpaid employees,” which could lead to a number of subsequent issues. Pfanner says that, according to the report, taxes would be based on an Internet platform’s number of users, “to be verified by outside auditors.”

“…computer science publication venues should start requiring authors to document whether they have IRB approval for studies involving human subjects, and how the study participants were consented. This documentation requirement is standard in the medical and social science communities, and it makes sense for computer science conferences and journals to do the same. … I am often asked to review papers in which the authors have deployed a mobile phone app that collects data about the app’s users. … In some cases, I have downloaded the app in question and installed it, only to discover that the app never informs the user that it is collecting sensitive data in the background. The problem is, such practices are unethical (and possibly illegal) according to federal requirements for protecting the privacy for human subjects in a research study.”

Walsh argues that requiring institutional review board (IRB) approval not only will raise awareness of the data collection and user privacy issues for the researcher, it will “prevent paper reviewers from having to make a judgment call.” You can read his full argument at his blog — it’s this week’s recommended read.
